mt-daapd -- denial of service vulnerability

Details

VuXML ID: a7080c30-91a2-11dc-b2eb-00b0d07e6c7e

Discovery: 2007-11-05

Entry: 2007-11-12

US-CERT reports:

webserver.c in mt-daapd in Firefly Media Server 0.2.4 and
earlier allows remote attackers to cause a denial of service
(NULL dereference and daemon crash) via a stats method action
to /xml-rpc with (1) an empty Authorization header line, which
triggers a crash in the ws_decodepassword function; or (2) a
header line without a ':' character, which triggers a crash
in the ws_getheaders function.
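
Both cases in the report come down to header input that is used without being validated first. The C functions below are an added illustration, not Firefly Media Server source and not part of the US-CERT text: they show a header-line split that rejects a line with no ':' and a Basic credential lookup that returns NULL for an empty Authorization value. The names `split_header_line` and `basic_auth_token` are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helpers for illustration; not mt-daapd code.
 * Split "Name: value" into caller buffers. Returns 0 on success, -1 when the
 * line has no ':' separator, an empty name, or a field that does not fit. */
int split_header_line(const char *line, char *name, size_t nlen,
                      char *value, size_t vlen)
{
    const char *colon, *v;
    size_t n;

    if (line == NULL || name == NULL || value == NULL)
        return -1;
    colon = strchr(line, ':');
    if (colon == NULL || colon == line)      /* case (2): no ':' in the line */
        return -1;
    n = (size_t)(colon - line);
    if (n >= nlen)
        return -1;
    memcpy(name, line, n);
    name[n] = '\0';
    v = colon + 1;
    while (*v == ' ' || *v == '\t')          /* skip optional whitespace */
        v++;
    n = strcspn(v, "\r\n");                  /* drop trailing CR/LF */
    if (n >= vlen)
        return -1;
    memcpy(value, v, n);
    value[n] = '\0';
    return 0;
}

/* Return the base64 token of a Basic Authorization value, or NULL when the
 * value is missing, empty, not Basic, or has no token: case (1). The caller
 * must treat NULL as "no credentials" and never pass it to a decoder. */
const char *basic_auth_token(const char *value)
{
    const char *tok;

    if (value == NULL || strncasecmp(value, "Basic", 5) != 0)
        return NULL;
    tok = value + 5;
    if (*tok != ' ')
        return NULL;
    while (*tok == ' ')
        tok++;
    return *tok != '\0' ? tok : NULL;
}
```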